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Amendments to the Claims 

1 Claim 1 (currently amended); In a computing environment having a connection to a network, a 

2 conrputer program product for securely propagating security credentials [[from]] using a trusted 

3 master registry, the computer program product en^odied on one or more computer-readable 

4 media and comprising: 

5 computer-readable program code means for establishing a secure connection between a 

6 client and a password synchronization agent (PSA); 

7 computer-readable program code means for receiving, at the PSA from the client over the 

8 secure connection, tiaii&mitliiig an identifier of a user and an identifying secret of the us er fr o m 

9 t h i L cl i e n t tn t h e PSA o i/ e r th e secu r e connecti o n during propagation request processing : 

1 0 computer-readable program code means for validating the user with the trusted master 

1 ]. registry using thetr ansmh tc d received user identifier and identifying secret, on request of the 

12 PSA; and 

1 3 computer-readable program code means for propagating the received identifying secret of 

1 4 the user directly from the PSA to one or more target registries if the validation succeeds. 



1 Claim 2 (original): The computer program product according to Claim 1, ftirther comprising: 

2 computers-readable program code means for establishing a second secure connection 

3 between the PSA and the trusted master registry; and 

4 computer-readable program code means for using the second secure connection for the 

5 validating of the user. 
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1 Claim 3 (currently amended): The computer program product according to Cl^ 1, further 

2 comprising: 

3 computer-jreadable program code means for estaUishing additional secure connecdons 

4 between the PSA and each of the target registries; and 

5 computer-readable program code means for using the additional secure connections for 

6 the propagating of the received identifying secret. 

1 Claim 4 (cuirently amended): The computer program product according to Claim 1, wherein the 

2 master registry stores password sjmchronization policy information, and wherein the computer- - 

3 readable program code means for propagating the received identifying secret further comprises 

4 computer-readable program code means for identifying the target registries using the stored 

5 password synchronization policy information for the user. 

1 Claim 5 (currently amended): The computer program product according to Claim 1 , wherein the 

2 master registry stores password synchronization policy information, and wherein the computer- 

3 readable program code means for propagating the received identifying secret further comprises 

4 computer-readable program code means for identifying the target registries using the stored 

5 password synchronization policy information for a user group of which the user is a member. 

1 Claim 6 (original): The computer program product according to Claim 1, wherein the computer- 

2 readable program code means for establishing the secure connection further con^>rises computer- 

3 readable program code means for authenticating the PSA to the client. 
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1 Claim 7 (origioal): The computer program product according to Claim 2, wherein the oomputer- 

2 reackble program code means for establishing the second secure connection further comprises 

3 computer-readable program code means for authenticating the master registry to the PSA, 

1 Claim 8 (original): The computer program product according to Claim 3, wherein the computer- 

2 readable program code means for establishing additional secure connections further comprises 

3 computer-readable program code means for authenticating the one or more target registries to the 

4 PSA. 

1 Claim 9 (currently amended): The computer program product according to Claim I, wherein the 

2 computer-readable program code means for validating further comprises: 

3 computer-readable program code means for performing a security function on the 

4 received identifying secret of the user, wherein the security function comprises one of (i) a one- 

5 way hashing algorithm or (ii) an encryption algorithm; 

6 computer-readable program code means for using the received user identifier to locate a 

7 previously-stored identifying secret of the user which was stored by the master registry; and 

8 computer-readable program code means for concluding that the validation succeeds if the 

9 located identifying secret is identical to a result of performing the security fiinction, 

1 Claim 1 0 (currently amended): The computer program product according to Claim 1 , wherein 

2 the computer-readable program code means for validating flirther comprises computer-readable 
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3 program code means fot invokins an authenticated LDAP bind or other native authentication 

4 mechanism of the master registry, wherein the received identifier of the user and the reprived 

5 identifying secret of the user are passed to the master registry, thereby causing the mast^ registry 

6 to validate the passed identifier and identifying secret and return a result which reports a success 

7 or failure of the validation. 

1 Claim 1 1 (original): The computer program product according to Claim 1, wherein the PSA has 

2 administrative authority for performing operations at the one or more target registries. 

1 Claim 1 2 (currently amended): The computer program product according to Claim I, fiirther 

2 comprising: 

3 computer-readable program code means for obtaining a new value from the user to be 

4 used as the propagated identifying secret if the validation succeeds; and 

5 computer-readable program code means for substituting this new value for the received 

6 identifying secret prior to operation of the computer-readable program code means for 

7 propagating. 

1 Claim 13 (currently amended): A system for securely synchronizing security credentials [[from]] 

2 using a trusted master registry, comprising: 

3 means for establishing a secure cormection between a client and a password 

4 synchronization agent (PSA); 

5 means for receiviny, at thc_gSA from the client over the secure connection, transmitting 
Serial No. 09/613,983 -6- Docket RSW9-2000-0O44-US1 



PAGE 811 9 ' RCVD AT 911/2004 8:53:1 1 AM [Eastern Daylight Time] ' SW^ 



09/01/2084 08:55 4073437587 



FAX 



PAGE 09 



6 an identifier of a user and an identi^ng secret of the us ei fmm ibi. dieuL lu llic PDA oi^ej flic 

7 o > . ■I ll - i- ^ iii n F Aii e n ^urinfz propagation request processinR ; 

8 means for validating the user with the trusted master registry using thrtransnritted 

9 received user identifier and identifying secret, on request of the PSA; and 

1 0 means for propagating the received identilying secret of the user directly from the PSA to 

11 one or more target regisrtriesifthe validation succeeds, 

1 Claim 14 (original): The system according to Claim 13, farthesr comprising: 

2 means for establishing a second secure connection between the PSA and the trusted 

3 master r^stry; and 

4 means for using the second secure connection for the validating of the user. 

1 Claim 15 (currently amended): The system according to Claim 13, further coihprising: 

2 means for establishing additional secure connections between the PSA and each of the 

3 target registries; and 

4 means for using the additional secure connections for the propagating of the received 

5 identifying secret. 

1 Claim 16 (currently amended): The system according to Claim 13, wherein the master registry 

2 stores password synchronization policy information, and wherein the means for propagating the 

3 received identifying secret further comprises means for identifying the taiget registries using the 

4 stored password synchronization policy information for the user. 
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1 Clabn 1 7 (currently amended): The system according to Claim 13, wherein the master t^stry 

2 stores password synchronization policy information, and wherdn the means for propagating the 

3 received identifying secret further comprises means for identifying the target registries using the 

4 stored password synchronization policy information for a user group of which the user is a 

5 member. 

1 Claim 18 (original): The system according to Claim 13 , wherein the means for establishing the 

2 secure connection fiirtber comprises means for authexiticattng the PSA to the client. 

1 Claim 19 (or^nal): The system according to Claim 14, wherein the means for establishing the 

2 second secure connection ftwrther comprises means for authenticating the master registry to the 

3 PSA. 

1 Claim 20 (original): The system according to Claim 15, wherein the means for establishing 

2 additional secure connections further comprises means for authenticating the one or more target 

3 registries to the PSA. 

1 Claim 21 (currently amended): The system according to Cl^m 13, wherein the means for 

2 validating further comprises: 

3 means for performing a security flinction on the recrived identifying secret of the user, 

4 wherein the security fUnction comprises one of (i) a on©-way hashir^ algorithm or (ii) an 
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5 encryption algorithm; 

6 means for using the received user identifier to locale a previously-stored identifying 

7 secret of the user which was stored by the master registry; and 

8 means for concluding that the validation succeeds if the located identifying secret is 

9 identical to a result of performing the security function. 

1 Gaim 22 (currently amended): The system according to Claim 13, wherein the means for 

2 validating further comprises means for invoking an authenticated LDAP hind or other native 

3 authentication mechanism of the master registry, wherein the received identifier of the user and 

4 the received identifying secret of the user are passed to the master registry, thereby causing the 

5 master registry to validate the passed identifier and identifying secret and return a resuh which 

6 reports a success or failure of the validation. 

1 Claim 23 (ori^nal): The system according to Claim 13, wherein the PSA has administrative 

2 authority for performing operations at the one or more target registries. 

1 Claim 24 (currently amended): The system according to Claim 13, further comprising: 

2 means for obtaining a new value from the user to be used as the propagated identifying 

3 secret if the validation succeeds; and 

4 means for substituting this new value for the reogived identifying secret prior to operation 

5 of the means for propagating. 
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1 Claim 25 (currently amended): A method for securely propagating security credwxtials [[froiu]] 

2 usinff a trusted master registry, comprising steps of: 

3 establishing a secure connection between a client and a password synchronization agent 

4 (PSA); 

5 f ecmvhfifr at the PSA from the client over the secure connection, transmi t ting a n identifier 

6 of a user and an identifying secret of the us e r fro m th e cKe n t t o th e PS A er v er the sea rre 

7 c o nn e cti o n during propagation request processing: 

8 validating the user with the trusted master registry using tht rtr an snti t t c d received user 

9 identifier and identifying secret, on request of the PSA; and 

1 0 propagating the recetml identifying secret of the us«r directly from the PSA to one or 

1 1 more target registries if the validation succeeds. 

1 Claim 26 (original): The method according to Claim 25^ fiirther comprising steps of 

2 establishing a second secure connection between the PSA and the trusted master registry; 

3 and 

4 using the second secure connection for the validating of the user. 

1 Claim 27 (currently amended): The method according to Claim 25, further comprising steps of: 

2 establishing additional secure cormections between the PSA and each of the target 

3 registries; and 

4 using the additional secure connections for the propagating of the received identifying 

5 secret. 
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1 Claim 28 (currently am^ded): The method according to Clsim 25, wherein the master registry 

2 stores password synchroniaatton policy information, and wherein the step of propagating the 

3 received identifyiiig secret fhrther comprises the step of identifying the target registries uang the 

4 stored password synchronization policy information for the user. 

1 Claim 29 (currently amended): The method according to Claim 25, wheron the master registry 

2 stores password synchronization policy information, and wherein the step of propagating the 

3 received identifying secret further comprises the step of identifying the target registries using the 

4 stored password synchronization policy information for a user group of which the user is a 

5 member. 

1 Claim 30 (original): The method according to Claim 25, wherein the step of establishii^ the 

2 secure connection &rther comprises the step of authenticating the PSA to the client 

1 Claim 3 1 (original): The method according to Claim. 26, wherein the step of establishing the 

2 second secure connection further comprises the step of authenticating the master registry to the 

3 PSA. 

1 Claim 32 (original): The method according to Claim 27, wherein tiie step of establishing 

2 additional secure connections further comprises the step of authenticating the one or more taiget 

3 r^stries to the PSA- 
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1 Claim 33 (currently amended): The method according to Claim 25, wherein the step of 

2 vahdatiog ftirther con^jrises. 

3 performing a security function on the received identifying secret of the user, wherein the 

4 security function compti&es one of (i) a one-way hashing algorithm or (ii) an encryption 

5 algorithm; 

6 using the received user identifier to locate a previously-stored identifying secret of the 

7 user which was stored hy the master registry; and 

8 conchading that the validation succeeds if the located identifying secret is identical to a 

9 result of performing the security fianction. 

1 Claim 34 (currently amended): The method according to Claim 25, wherein the step of 

2 validatii^ further comprises the step of invoking an authenticated LDAP bind or other native 

3 authentication mechanism of the master registry, wherein the received identifier of the user and 

4 the received identifying secret of the user are passed to the master registry, thereby causing the 

5 master registry to validate the passed identifier and identifying secret and return a result which 

6 reports a success or failure of the validation. 

1 Claim 35 (original): The method according to Claim 25, wherein the PSA has administrative 

2 authority for performing operations at the one or more target registries. 

1 Claim 36 (currently amended): The method according to Claim 25, further comprising steps of: 
Serial No. 09/613.983 ^12-^ Docket RSW9-2000-0044-US1 
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2 obtaining a new value from user to be used as the propagated identifying secret if the 

3 vafidation succeeds; and 

4 substituting this new value for the recdved identifying secret prior to operation of the 

5 propagating $tep. 
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